entropy depletion
Ben Laurie
ben at algroup.co.uk
Thu Jan 13 05:23:17 EST 2005
William Allen Simpson wrote:
> Ben Laurie wrote:
>
>> William Allen Simpson wrote:
>>
>>>> Why then restrict it to non-communications usages?
>>>
>>>
>>> Because we are starting from the postulate that observation of the
>>> output could (however remotely) give away information about the
>>> underlying state of the entropy generator(s).
>>
>>
>> Surely observation of /dev/urandom's output also gives away information?
>>
> ummm, no, not by definition.
>
> /dev/random
> blocks on insufficient estimate of stored entropy
> useful for indirect measurement of system characteristics
> (assumes no PRNG)
>
> /dev/urandom
> blocks only when insufficient entropy for initialization of state
> computationally infeasible to determine underlying state
> (assumes robust PRNG)
>
> These are the definitions we've been using around here for many years.
> It does help when everybody is talking about the same things.
Around where? I've never heard of a /dev/random that doesn't include a
PRNG. But I'll admit it's entirely possible I just haven't been paying
attention. Can you give examples?
In any case, if the postulate is that observing the output could give
away information about the underlying state, then I cannot see how
/dev/urandom gets around this problem.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
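The two definitions quoted above (a /dev/random that debits an entropy estimate and blocks when it runs short, versus a /dev/urandom that blocks only until its PRNG has been seeded once) can be modelled in a few lines. The following is an added illustration, not code from the thread or from any kernel: the pool, the threshold of 128 bits, the hash-based output function and the sample inputs are all constructed for the example, and the output function is deliberately the same for both reads so that the only difference on display is the entropy accounting, which is what the subject line is about.

```python
import hashlib
from typing import Dict, Optional


class EntropyPool:
    """Toy model of a kernel entropy pool with a conservative entropy estimate.

    Constructed for illustration only; real kernels differ in every detail.
    """

    INIT_THRESHOLD_BITS = 128  # constructed: bits required before the PRNG counts as seeded

    def __init__(self) -> None:
        self.pool = b""
        self.entropy_bits = 0        # estimate of unobserved entropy currently in the pool
        self.prng_seeded = False     # becomes True once the threshold has been reached
        self._counter = 0

    def add_entropy(self, data: bytes, estimated_bits: int) -> None:
        # Mix the input into the pool and credit only the caller's estimate.
        self.pool = hashlib.sha256(self.pool + data).digest()
        self.entropy_bits += estimated_bits
        if self.entropy_bits >= self.INIT_THRESHOLD_BITS:
            self.prng_seeded = True

    def _draw(self, nbytes: int) -> bytes:
        # Shared output function (hash of pool state and a counter); constructed, not a real DRBG.
        out = b""
        while len(out) < nbytes:
            self._counter += 1
            out += hashlib.sha256(self.pool + self._counter.to_bytes(8, "big")).digest()
        return out[:nbytes]

    def read_blocking(self, nbytes: int) -> Optional[bytes]:
        """/dev/random-style read per the quoted definition.

        Returns None (the caller would block) unless the estimate covers the whole
        request, and debits the estimate for every byte handed out, so repeated
        reads deplete it.
        """
        needed = nbytes * 8
        if self.entropy_bits < needed:
            return None
        self.entropy_bits -= needed
        return self._draw(nbytes)

    def read_nonblocking(self, nbytes: int) -> Optional[bytes]:
        """/dev/urandom-style read per the quoted definition.

        Returns None only while the PRNG has never been seeded; afterwards output
        is produced without debiting the estimate, so reads never deplete it.
        """
        if not self.prng_seeded:
            return None
        return self._draw(nbytes)


def demo_entropy_depletion() -> Dict[str, object]:
    """Walk through the depletion scenario from the thread with constructed inputs."""
    pool = EntropyPool()
    before_seed = pool.read_nonblocking(8) is not None          # unseeded: blocks
    pool.add_entropy(b"constructed sample input", 256)          # constructed: credit 256 bits
    random_first = pool.read_blocking(16) is not None           # 128 bits debited, 128 remain
    random_second = pool.read_blocking(32) is not None          # needs 256 bits: blocks
    urandom_after = pool.read_nonblocking(32) is not None       # seeded: never blocks again
    return {
        "urandom_before_seed": before_seed,       # False
        "random_first": random_first,             # True
        "random_second": random_second,           # False
        "urandom_after_depletion": urandom_after, # True
        "remaining_estimate_bits": pool.entropy_bits,  # 128
    }


if __name__ == "__main__":
    print(demo_entropy_depletion())
```

Running it shows the asymmetry the definitions describe: the blocking read stalls once the estimate is drained, while the non-blocking read keeps returning data from the same pool state. Whether that output "gives away information" about the state is exactly the question left open in the message above; the model only makes the accounting difference visible.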